Malaque 3 Posted February 17, 2016 Share Posted February 17, 2016 (edited) Hello. I'm still having some issues with Nod32, especially with logout session in user accounts of Windows 10 https://forum.eset.com/topic/7345-is-eset-crashing-my-windows-10/ I've enabled HIPS register and i've seen that the HIPS is blocking Winlogon process (selfdefense). I wonder how could I create a Rule exception for unblock Winlogon in HIPS module. Thanks Edited February 17, 2016 by Malaque Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted February 17, 2016 Administrators Share Posted February 17, 2016 Please elaborate more on the issue. Are you unable to log out of a Windows session with Self-defense enabled? Link to comment Share on other sites More sharing options...
Solution Malaque 3 Posted February 17, 2016 Author Solution Share Posted February 17, 2016 (edited) Randomly, not always, when i log out of an user session, Windows 10 crashes with this message: hxxp://i.imgur.com/RpmXrJQ.jpg In log HIPS, i've seen this event many times: 35]17/02/2016 15:41:03 35]C:\Windows\System32\svchost.exe 35]Obtener acceso a otra aplicación 35]C:\Windows\System32\winlogon.exe 35]acceso parcial bloqueado 35]Autodefensa: No permitir la modificación de procesos del sistema 35]Terminar/suspender otra aplicación 35]Now i set HIPS in Learning Mode and see if the crash back again. Maybe disabling Self-defense or creating a HIPs rule could help... Edited February 17, 2016 by Malaque Link to comment Share on other sites More sharing options...
Malaque 3 Posted February 17, 2016 Author Share Posted February 17, 2016 Disabling Self-Defense... problemas gone. Thanks Link to comment Share on other sites More sharing options...
mma64 7 Posted February 17, 2016 Share Posted February 17, 2016 [Malaque] Disabling Self-Defense... problemas gone. Thanks You shouldn't do this! Instead try it with a new HIPS rule, manually entered, see the screenshots (#4: you select 'winlogon.exe', of course). This way the 'winlogon.exe' crash (?) should go away. (In Win7 my HIPS log is full of the same entries as you have, but there's no crashing because of that. And there's no HIPS rule for 'winlogon.exe'. On the other hand I never log out and choose another user login: starting PC, restricted user login, PC shutdown, that's all...) The pictured new HIPS rule should be 100% safe anyway, and don't forget to reenable ESET Self Defense! (But I doubt, that indeed ESET V9 in combination with Win10 has to be blamed for the described crash.) Try it and report back. Thanks. HTH Link to comment Share on other sites More sharing options...
Malaque 3 Posted February 18, 2016 Author Share Posted February 18, 2016 [Malaque] Disabling Self-Defense... problemas gone. Thanks You shouldn't do this! Instead try it with a new HIPS rule, manually entered, see the screenshots (#4: you select 'winlogon.exe', of course). This way the 'winlogon.exe' crash (?) should go away. (In Win7 my HIPS log is full of the same entries as you have, but there's no crashing because of that. And there's no HIPS rule for 'winlogon.exe'. On the other hand I never log out and choose another user login: starting PC, restricted user login, PC shutdown, that's all...) The pictured new HIPS rule should be 100% safe anyway, and don't forget to reenable ESET Self Defense! (But I doubt, that indeed ESET V9 in combination with Win10 has to be blamed for the described crash.) Try it and report back. Thanks. HTH Thanks for your reply. Really i still create a rule, similar as yours, but problem back again. Even i delete one of the suspitious users accounts and create it again, but it not solves the issue. I'm not a patient man (i'm very busy), so finally i've uninstalled Nod32 in my desktop PC, and installed this license in my laptop (single user) and not problems. In my desktop PC i've installed KIS 2016 and it's running fine. Thanks again for your support. Link to comment Share on other sites More sharing options...
Recommended Posts